Security Event ID: 529

Hi All,

We are still getting a fair number of these hacking attempts again, can
anyone suggest how to establish where they are comming from, which part of
SBS are these attemps to hack?

Thanks,
Nick


Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: "null"/abc123/password/passwd
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: SERVER
Caller User Name: SERVER$
Caller Domain: DOMAIN
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1600
Transited Services: -
Source Network Address: -
Source Port: -

Hi Nick:

While I don't pretend to be a firewall expert, there are some here. If you
let us know the brand and model of your edged device, perhaps one of the
folks here can give you some suggestions.

In the meantime, be sure you use complex pass phrases, which are your best
security.

--
Larry
Please post the resolution to your
issue so that others may benefit.

Get a Health Check for SBS at:
www.sbsbpa.com


"Nick" <> wrote in message
news:...
> Hi All,
>
> We are still getting a fair number of these hacking attempts again, can
> anyone suggest how to establish where they are comming from, which part of
> SBS are these attemps to hack?
>
> Thanks,
> Nick
>
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> User: NT AUTHORITY\SYSTEM
> Computer: SERVER
> Description:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: "null"/abc123/password/passwd
> Domain:
> Logon Type: 3
> Logon Process: Advapi
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name: SERVER
> Caller User Name: SERVER$
> Caller Domain: DOMAIN
> Caller Logon ID: (0x0,0x3E7)
> Caller Process ID: 1600
> Transited Services: -
> Source Network Address: -
> Source Port: -
>
>